On 26/04/18 14:42, Mick wrote:
Hmm ... why is my Intel system missing 'IBPB' & 'IBRS_FW' ?
$ grep . /sys/devices/system/cpu/vulnerabilities/*
/sys/devices/system/cpu/vulnerabilities/meltdown:Mitigation: PTI
/sys/devices/system/cpu/vulnerabilities/spectre_v1:Mitigation: __user pointer
sanitization
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Full generic
retpoline
Are there some kernel options I should have selected manually?
Do you have the latest sys-firmware/intel-microcode installed and
configured correctly? You need to enable the "early microcode" kernel
option, and you also need to add /boot/intel-uc.img to your list of
initrds to load in grub2. Alternatively, a BIOS update for your
mainboard (if one exists; most older mainboards won't get updates from
the likes of Asus, MSI, Gigabyte, etc, etc, etc, so for older boards,
you need the microcode package.)
